]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/recipes/80-test_cms.t
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Teach ssl_test_new how to test the FIPS module
[thirdparty/openssl.git] / test / recipes / 80-test_cms.t
CommitLineData
596d6b7e
RS		 1#! /usr/bin/env perl
2# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
3#
909f1a2e 4# Licensed under the Apache License 2.0 (the "License"). You may not use
596d6b7e
RS		 5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
88b8a527
RL		 9
10use strict;
11use warnings;
12
13use POSIX;
14use File::Spec::Functions qw/catfile/;
15use File::Compare qw/compare_text/;
f5056577 16use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir/;
340166a9 17use OpenSSL::Test::Utils;
88b8a527
RL		 18
19setup("test_cms");
20
18cb0221
MC		 21plan skip_all => "CMS is not supported by this OpenSSL build"
22 if disabled("cms");
23
f5056577
SL		 24my $provpath = bldtop_dir("providers");
25my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
26
19e512a8 27my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
42e0ccdf
RL		 28my $smdir = srctop_dir("test", "smime-certs");
29my $smcont = srctop_file("test", "smcont.txt");
83ae8124
MC		 30my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
31 = disabled qw/des dh dsa ec ec2m rc2 zlib/;
88b8a527 32
cf6404b1 33plan tests => 7;
88b8a527
RL		 34
35my @smime_pkcs7_tests = (
36
37 [ "signed content DER format, RSA key",
4b3327e7
RL		 38 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
39 "-certfile", catfile($smdir, "smroot.pem"),
40 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
41 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
42 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
43 \&final_compare
88b8a527
RL		 44 ],
45
46 [ "signed detached content DER format, RSA key",
4b3327e7
RL		 47 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
48 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
49 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
50 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
51 "-content", $smcont ],
52 \&final_compare
88b8a527
RL		 53 ],
54
55 [ "signed content test streaming BER format, RSA",
4b3327e7
RL		 56 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
57 "-stream",
58 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
59 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
60 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
61 \&final_compare
88b8a527
RL		 62 ],
63
64 [ "signed content DER format, DSA key",
4b3327e7
RL		 65 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
66 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
67 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
68 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
69 \&final_compare
88b8a527
RL		 70 ],
71
72 [ "signed detached content DER format, DSA key",
4b3327e7
RL		 73 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
74 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
75 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
76 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
77 "-content", $smcont ],
78 \&final_compare
88b8a527
RL		 79 ],
80
83ae8124 81 [ "signed detached content DER format, add RSA signer (with DSA existing)",
4b3327e7
RL		 82 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
83 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
84 [ "{cmd1}", "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
85 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ],
86 [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER",
87 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt",
88 "-content", $smcont ],
89 \&final_compare
88b8a527
RL		 90 ],
91
92 [ "signed content test streaming BER format, DSA key",
4b3327e7
RL		 93 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
94 "-nodetach", "-stream",
95 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
96 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
97 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
98 \&final_compare
88b8a527
RL		 99 ],
100
101 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
4b3327e7
RL		 102 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
103 "-nodetach", "-stream",
104 "-signer", catfile($smdir, "smrsa1.pem"),
105 "-signer", catfile($smdir, "smrsa2.pem"),
106 "-signer", catfile($smdir, "smdsa1.pem"),
107 "-signer", catfile($smdir, "smdsa2.pem"),
108 "-out", "{output}.cms" ],
109 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
110 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
111 \&final_compare
88b8a527
RL		 112 ],
113
114 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
4b3327e7
RL		 115 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
116 "-noattr", "-nodetach", "-stream",
117 "-signer", catfile($smdir, "smrsa1.pem"),
118 "-signer", catfile($smdir, "smrsa2.pem"),
119 "-signer", catfile($smdir, "smdsa1.pem"),
120 "-signer", catfile($smdir, "smdsa2.pem"),
121 "-out", "{output}.cms" ],
122 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
123 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
124 \&final_compare
88b8a527
RL		 125 ],
126
c6d67f09 127 [ "signed content S/MIME format, RSA key SHA1",
4b3327e7
RL		 128 [ "{cmd1}", "-sign", "-in", $smcont, "-md", "sha1",
129 "-certfile", catfile($smdir, "smroot.pem"),
130 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
131 [ "{cmd2}", "-verify", "-in", "{output}.cms",
132 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
133 \&final_compare
c6d67f09
DSH		 134 ],
135
88b8a527 136 [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
4b3327e7
RL		 137 [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
138 "-signer", catfile($smdir, "smrsa1.pem"),
139 "-signer", catfile($smdir, "smrsa2.pem"),
140 "-signer", catfile($smdir, "smdsa1.pem"),
141 "-signer", catfile($smdir, "smdsa2.pem"),
142 "-stream", "-out", "{output}.cms" ],
143 [ "{cmd2}", "-verify", "-in", "{output}.cms",
144 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
145 \&final_compare
88b8a527
RL		 146 ],
147
148 [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
4b3327e7
RL		 149 [ "{cmd1}", "-sign", "-in", $smcont,
150 "-signer", catfile($smdir, "smrsa1.pem"),
151 "-signer", catfile($smdir, "smrsa2.pem"),
152 "-signer", catfile($smdir, "smdsa1.pem"),
153 "-signer", catfile($smdir, "smdsa2.pem"),
154 "-stream", "-out", "{output}.cms" ],
155 [ "{cmd2}", "-verify", "-in", "{output}.cms",
156 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
157 \&final_compare
88b8a527
RL		 158 ],
159
96bea000 160 [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
4b3327e7
RL		 161 [ "{cmd1}", "-encrypt", "-in", $smcont,
162 "-stream", "-out", "{output}.cms",
163 catfile($smdir, "smrsa1.pem"),
164 catfile($smdir, "smrsa2.pem"),
165 catfile($smdir, "smrsa3.pem") ],
166 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
167 "-in", "{output}.cms", "-out", "{output}.txt" ],
168 \&final_compare
88b8a527
RL		 169 ],
170
96bea000 171 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
4b3327e7
RL		 172 [ "{cmd1}", "-encrypt", "-in", $smcont,
173 "-stream", "-out", "{output}.cms",
174 catfile($smdir, "smrsa1.pem"),
175 catfile($smdir, "smrsa2.pem"),
176 catfile($smdir, "smrsa3.pem") ],
177 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
178 "-in", "{output}.cms", "-out", "{output}.txt" ],
179 \&final_compare
88b8a527
RL		 180 ],
181
96bea000 182 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
4b3327e7
RL		 183 [ "{cmd1}", "-encrypt", "-in", $smcont,
184 "-stream", "-out", "{output}.cms",
185 catfile($smdir, "smrsa1.pem"),
186 catfile($smdir, "smrsa2.pem"),
187 catfile($smdir, "smrsa3.pem") ],
188 [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
189 "-in", "{output}.cms", "-out", "{output}.txt" ],
190 \&final_compare
88b8a527
RL		 191 ],
192
193 [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
4b3327e7
RL		 194 [ "{cmd1}", "-encrypt", "-in", $smcont,
195 "-aes256", "-stream", "-out", "{output}.cms",
196 catfile($smdir, "smrsa1.pem"),
197 catfile($smdir, "smrsa2.pem"),
198 catfile($smdir, "smrsa3.pem") ],
199 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
200 "-in", "{output}.cms", "-out", "{output}.txt" ],
201 \&final_compare
88b8a527
RL		 202 ],
203
204);
205
206my @smime_cms_tests = (
207
208 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
4b3327e7
RL		 209 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER",
210 "-nodetach", "-keyid",
211 "-signer", catfile($smdir, "smrsa1.pem"),
212 "-signer", catfile($smdir, "smrsa2.pem"),
213 "-signer", catfile($smdir, "smdsa1.pem"),
214 "-signer", catfile($smdir, "smdsa2.pem"),
215 "-stream", "-out", "{output}.cms" ],
216 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
217 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
218 \&final_compare
88b8a527
RL		 219 ],
220
221 [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
4b3327e7
RL		 222 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
223 "-signer", catfile($smdir, "smrsa1.pem"),
224 "-signer", catfile($smdir, "smrsa2.pem"),
225 "-signer", catfile($smdir, "smdsa1.pem"),
226 "-signer", catfile($smdir, "smdsa2.pem"),
227 "-stream", "-out", "{output}.cms" ],
228 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
229 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
230 \&final_compare
88b8a527
RL		 231 ],
232
233 [ "signed content MIME format, RSA key, signed receipt request",
4b3327e7
RL		 234 [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
235 "-signer", catfile($smdir, "smrsa1.pem"),
236 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
237 "-out", "{output}.cms" ],
238 [ "{cmd2}", "-verify", "-in", "{output}.cms",
239 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
240 \&final_compare
88b8a527
RL		 241 ],
242
243 [ "signed receipt MIME format, RSA key",
4b3327e7
RL		 244 [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach",
245 "-signer", catfile($smdir, "smrsa1.pem"),
246 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
247 "-out", "{output}.cms" ],
248 [ "{cmd1}", "-sign_receipt", "-in", "{output}.cms",
249 "-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ],
250 [ "{cmd2}", "-verify_receipt", "{output}2.cms", "-in", "{output}.cms",
251 "-CAfile", catfile($smdir, "smroot.pem") ]
88b8a527
RL		 252 ],
253
e85d19c6 254 [ "signed content DER format, RSA key, CAdES-BES compatible",
4b3327e7
RL		 255 [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER",
256 "-nodetach",
e85d19c6 257 "-certfile", catfile($smdir, "smroot.pem"),
4b3327e7
RL		 258 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
259 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
260 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
261 \&final_compare
e85d19c6
AI		 262 ],
263
264 [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible",
4b3327e7
RL		 265 [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont,
266 "-outform", "DER", "-nodetach",
267 "-certfile", catfile($smdir, "smroot.pem"),
268 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ],
269 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER",
270 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
271 \&final_compare
e85d19c6
AI		 272 ],
273
96bea000 274 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
4b3327e7
RL		 275 [ "{cmd1}", "-encrypt", "-in", $smcont,
276 "-stream", "-out", "{output}.cms", "-keyid",
277 catfile($smdir, "smrsa1.pem"),
278 catfile($smdir, "smrsa2.pem"),
279 catfile($smdir, "smrsa3.pem") ],
280 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
281 "-in", "{output}.cms", "-out", "{output}.txt" ],
282 \&final_compare
88b8a527
RL		 283 ],
284
285 [ "enveloped content test streaming PEM format, KEK",
4b3327e7
RL		 286 [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
287 "-stream", "-out", "{output}.cms",
288 "-secretkey", "000102030405060708090A0B0C0D0E0F",
289 "-secretkeyid", "C0FEE0" ],
290 [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
291 "-inform", "PEM",
292 "-secretkey", "000102030405060708090A0B0C0D0E0F",
293 "-secretkeyid", "C0FEE0" ],
294 \&final_compare
88b8a527
RL		 295 ],
296
297 [ "enveloped content test streaming PEM format, KEK, key only",
4b3327e7
RL		 298 [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
299 "-stream", "-out", "{output}.cms",
300 "-secretkey", "000102030405060708090A0B0C0D0E0F",
301 "-secretkeyid", "C0FEE0" ],
302 [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt",
303 "-inform", "PEM",
304 "-secretkey", "000102030405060708090A0B0C0D0E0F" ],
305 \&final_compare
88b8a527
RL		 306 ],
307
308 [ "data content test streaming PEM format",
4b3327e7
RL		 309 [ "{cmd1}", "-data_create", "-in", $smcont, "-outform", "PEM",
310 "-nodetach", "-stream", "-out", "{output}.cms" ],
311 [ "{cmd2}", "-data_out", "-in", "{output}.cms", "-inform", "PEM",
312 "-out", "{output}.txt" ],
313 \&final_compare
88b8a527
RL		 314 ],
315
316 [ "encrypted content test streaming PEM format, 128 bit RC2 key",
f5056577
SL		 317 [ "{cmd1}", @prov, "-EncryptedData_encrypt",
318 "-in", $smcont, "-outform", "PEM",
4b3327e7
RL		 319 "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
320 "-stream", "-out", "{output}.cms" ],
f5056577 321 [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
4b3327e7
RL		 322 "-inform", "PEM",
323 "-secretkey", "000102030405060708090A0B0C0D0E0F",
324 "-out", "{output}.txt" ],
325 \&final_compare
88b8a527
RL		 326 ],
327
328 [ "encrypted content test streaming PEM format, 40 bit RC2 key",
f5056577
SL		 329 [ "{cmd1}", @prov, "-EncryptedData_encrypt",
330 "-in", $smcont, "-outform", "PEM",
4b3327e7
RL		 331 "-rc2", "-secretkey", "0001020304",
332 "-stream", "-out", "{output}.cms" ],
f5056577 333 [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
4b3327e7
RL		 334 "-inform", "PEM",
335 "-secretkey", "0001020304", "-out", "{output}.txt" ],
336 \&final_compare
88b8a527
RL		 337 ],
338
339 [ "encrypted content test streaming PEM format, triple DES key",
4b3327e7
RL		 340 [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
341 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
342 "-stream", "-out", "{output}.cms" ],
343 [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
344 "-inform", "PEM",
345 "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
346 "-out", "{output}.txt" ],
347 \&final_compare
88b8a527
RL		 348 ],
349
350 [ "encrypted content test streaming PEM format, 128 bit AES key",
4b3327e7
RL		 351 [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
352 "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
353 "-stream", "-out", "{output}.cms" ],
354 [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
355 "-inform", "PEM",
356 "-secretkey", "000102030405060708090A0B0C0D0E0F",
357 "-out", "{output}.txt" ],
358 \&final_compare
88b8a527
RL		 359 ],
360
361);
362
363my @smime_cms_comp_tests = (
364
365 [ "compressed content test streaming PEM format",
4b3327e7
RL		 366 [ "{cmd1}", "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
367 "-stream", "-out", "{output}.cms" ],
368 [ "{cmd2}", "-uncompress", "-in", "{output}.cms", "-inform", "PEM",
369 "-out", "{output}.txt" ],
370 \&final_compare
88b8a527
RL		 371 ]
372
373);
374
375my @smime_cms_param_tests = (
376 [ "signed content test streaming PEM format, RSA keys, PSS signature",
4b3327e7
RL		 377 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
378 "-signer", catfile($smdir, "smrsa1.pem"),
379 "-keyopt", "rsa_padding_mode:pss",
380 "-out", "{output}.cms" ],
381 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
382 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
383 \&final_compare
88b8a527
RL		 384 ],
385
31fc48dd 386 [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
4b3327e7
RL		 387 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
388 "-signer", catfile($smdir, "smrsa1.pem"),
389 "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max",
390 "-out", "{output}.cms" ],
391 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
392 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
393 \&final_compare
491360e7
BE		 394 ],
395
88b8a527 396 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
4b3327e7
RL		 397 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
398 "-noattr",
399 "-signer", catfile($smdir, "smrsa1.pem"),
400 "-keyopt", "rsa_padding_mode:pss",
401 "-out", "{output}.cms" ],
402 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
403 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
404 \&final_compare
88b8a527
RL		 405 ],
406
407 [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
4b3327e7
RL		 408 [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
409 "-signer", catfile($smdir, "smrsa1.pem"),
410 "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384",
411 "-out", "{output}.cms" ],
412 [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM",
413 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ],
414 \&final_compare
88b8a527
RL		 415 ],
416
96bea000 417 [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
4b3327e7
RL		 418 [ "{cmd1}", "-encrypt", "-in", $smcont,
419 "-stream", "-out", "{output}.cms",
420 "-recip", catfile($smdir, "smrsa1.pem"),
421 "-keyopt", "rsa_padding_mode:oaep" ],
422 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
423 "-in", "{output}.cms", "-out", "{output}.txt" ],
424 \&final_compare
88b8a527
RL		 425 ],
426
96bea000 427 [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
4b3327e7
RL		 428 [ "{cmd1}", "-encrypt", "-in", $smcont,
429 "-stream", "-out", "{output}.cms",
430 "-recip", catfile($smdir, "smrsa1.pem"),
431 "-keyopt", "rsa_padding_mode:oaep",
432 "-keyopt", "rsa_oaep_md:sha256" ],
433 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
434 "-in", "{output}.cms", "-out", "{output}.txt" ],
435 \&final_compare
88b8a527
RL		 436 ],
437
96bea000 438 [ "enveloped content test streaming S/MIME format, DES, ECDH",
4b3327e7
RL		 439 [ "{cmd1}", "-encrypt", "-in", $smcont,
440 "-stream", "-out", "{output}.cms",
441 "-recip", catfile($smdir, "smec1.pem") ],
442 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
443 "-in", "{output}.cms", "-out", "{output}.txt" ],
444 \&final_compare
88b8a527
RL		 445 ],
446
5d09b003 447 [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
4b3327e7
RL		 448 [ "{cmd1}", "-encrypt", "-in", $smcont,
449 "-stream", "-out", "{output}.cms",
450 catfile($smdir, "smec1.pem"),
451 catfile($smdir, "smec3.pem") ],
452 [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
453 "-in", "{output}.cms", "-out", "{output}.txt" ],
454 \&final_compare
5d09b003
DSH		 455 ],
456
96bea000 457 [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
4b3327e7
RL		 458 [ "{cmd1}", "-encrypt", "-keyid", "-in", $smcont,
459 "-stream", "-out", "{output}.cms",
460 "-recip", catfile($smdir, "smec1.pem") ],
461 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
462 "-in", "{output}.cms", "-out", "{output}.txt" ],
463 \&final_compare
88b8a527
RL		 464 ],
465
466 [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
4b3327e7
RL		 467 [ "{cmd1}", "-encrypt", "-in", $smcont,
468 "-stream", "-out", "{output}.cms",
469 "-recip", catfile($smdir, "smec1.pem"), "-aes128",
470 "-keyopt", "ecdh_kdf_md:sha256" ],
471 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
472 "-in", "{output}.cms", "-out", "{output}.txt" ],
473 \&final_compare
88b8a527
RL		 474 ],
475
476 [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
4b3327e7
RL		 477 [ "{cmd1}", "-encrypt", "-in", $smcont,
478 "-stream", "-out", "{output}.cms",
479 "-recip", catfile($smdir, "smec2.pem"), "-aes128",
480 "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
481 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
482 "-in", "{output}.cms", "-out", "{output}.txt" ],
483 \&final_compare
88b8a527
RL		 484 ],
485
486 [ "enveloped content test streaming S/MIME format, X9.42 DH",
4b3327e7
RL		 487 [ "{cmd1}", "-encrypt", "-in", $smcont,
488 "-stream", "-out", "{output}.cms",
489 "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
490 [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
491 "-in", "{output}.cms", "-out", "{output}.txt" ],
492 \&final_compare
88b8a527
RL		 493 ]
494 );
495
19e512a8
SL		 496my @contenttype_cms_test = (
497 [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
4b3327e7
RL		 498 [ "{cmd1}", "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont,
499 "-outform", "DER",
19e512a8 500 "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
4b3327e7
RL		 501 "-out", "{output}.cms" ],
502 [ "{cmd1}", "-resign", "-binary", "-nodetach", "-in", "{output}.cms",
503 "-inform", "DER", "-outform", "DER",
19e512a8 504 "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256",
4b3327e7
RL		 505 "-out", "{output}2.cms" ],
506 sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; },
507 [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER",
508 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ]
19e512a8
SL		 509 ],
510);
511
512my @incorrect_attribute_cms_test = (
513 "bad_signtime_attr.cms",
514 "no_ct_attr.cms",
515 "no_md_attr.cms",
516 "ct_multiple_attr.cms"
517);
518
4b3327e7
RL		 519# Runs a standard loop on the input array
520sub runner_loop {
521 my %opts = ( @_ );
522 my $cnt1 = 0;
88b8a527 523
4b3327e7
RL		 524 foreach (@{$opts{tests}}) {
525 $cnt1++;
526 $opts{output} = "$opts{prefix}-$cnt1";
88b8a527 527 SKIP: {
4b3327e7
RL		 528 my $skip_reason = check_availability($$_[0]);
529 skip $skip_reason, 1 if $skip_reason;
530 my $ok = 1;
531 1 while unlink "$opts{output}.txt";
532
533 foreach (@$_[1..$#$_]) {
534 if (ref $_ eq 'CODE') {
535 $ok &&= $_->(%opts);
536 } else {
537 my @cmd = map {
538 my $x = $_;
539 while ($x =~ /\{([^\}]+)\}/) {
540 $x = $`.$opts{$1}.$' if exists $opts{$1};
541 }
542 $x;
543 } @$_;
544
545 diag "CMD: openssl", join(" ", @cmd);
546 $ok &&= run(app(["openssl", @cmd]));
547 $opts{input} = $opts{output};
548 }
549 }
550
551 ok($ok, $$_[0]);
552 }
88b8a527 553 }
4b3327e7
RL		 554}
555
556sub final_compare {
557 my %opts = @_;
558
559 diag "Comparing $smcont with $opts{output}.txt";
560 return compare_text($smcont, "$opts{output}.txt") == 0;
561}
562
563subtest "CMS => PKCS#7 compatibility tests\n" => sub {
564 plan tests => scalar @smime_pkcs7_tests;
565
566 runner_loop(prefix => 'cms2pkcs7', cmd1 => 'cms', cmd2 => 'smime',
567 tests => [ @smime_pkcs7_tests ]);
88b8a527
RL		 568};
569subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
570 plan tests => scalar @smime_pkcs7_tests;
571
4b3327e7
RL		 572 runner_loop(prefix => 'pkcs72cms', cmd1 => 'smime', cmd2 => 'cms',
573 tests => [ @smime_pkcs7_tests ]);
88b8a527
RL		 574};
575
576subtest "CMS <=> CMS consistency tests\n" => sub {
577 plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
578
4b3327e7
RL		 579 runner_loop(prefix => 'cms2cms-1', cmd1 => 'cms', cmd2 => 'cms',
580 tests => [ @smime_pkcs7_tests ]);
581 runner_loop(prefix => 'cms2cms-2', cmd1 => 'cms', cmd2 => 'cms',
582 tests => [ @smime_cms_tests ]);
88b8a527
RL		 583};
584
585subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
586 plan tests =>
4b3327e7 587 (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
88b8a527 588
4b3327e7
RL		 589 runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms',
590 tests => [ @smime_cms_param_tests ]);
88b8a527
RL		 591 SKIP: {
592 skip("Zlib not supported: compression tests skipped",
4b3327e7
RL		 593 scalar @smime_cms_comp_tests)
594 if $no_zlib;
595
596 runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms',
597 tests => [ @smime_cms_comp_tests ]);
88b8a527
RL		 598 }
599};
600
19e512a8
SL		 601# Returns the number of matches of a Content Type Attribute in a binary file.
602sub contentType_matches {
603 # Read in a binary file
604 my ($in) = @_;
605 open (HEX_IN, "$in") or die("open failed for $in : $!");
606 binmode(HEX_IN);
607 local $/;
608 my $str = <HEX_IN>;
609
610 # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data)
611 my @c = $str =~ /\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/gs;
612
613 close(HEX_IN);
614 return scalar(@c);
615}
616
617subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
4b3327e7 618 plan tests => (scalar @contenttype_cms_test);
19e512a8 619
4b3327e7
RL		 620 runner_loop(prefix => 'cms2cms-added', cmd1 => 'cms', cmd2 => 'cms',
621 tests => [ @contenttype_cms_test ]);
19e512a8
SL		 622};
623
624subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
625 plan tests =>
626 (scalar @incorrect_attribute_cms_test);
627
4b3327e7 628 my $cnt = 0;
19e512a8 629 foreach my $name (@incorrect_attribute_cms_test) {
4b3327e7
RL		 630 my $out = "incorrect-$cnt.txt";
631
19e512a8
SL		 632 ok(!run(app(["openssl", "cms", "-verify", "-in",
633 catfile($datadir, $name), "-inform", "DER", "-CAfile",
4b3327e7 634 catfile($smdir, "smroot.pem"), "-out", $out ])),
19e512a8
SL		 635 $name);
636 }
637};
638
cf6404b1
NT		 639subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub {
640 plan tests => 1;
641
642 SKIP: {
643 skip "EC isn't supported in this build", 1
644 if disabled("ec");
645
646 my $out = "smtst.txt";
647
648 ok(run(app(["openssl", "cms", "-decrypt",
649 "-inkey", catfile($smdir, "smec3.pem"),
650 "-in", catfile($datadir, "ciphertext_from_1_1_1.cms"),
651 "-out", $out ]))
652 && compare_text($smcont, $out) == 0,
653 "Decrypt message from OpenSSL 1.1.1");
654 }
655};
656
88b8a527
RL		 657sub check_availability {
658 my $tnam = shift;
659
660 return "$tnam: skipped, EC disabled\n"
bb4cc75b 661 if ($no_ec && $tnam =~ /ECDH/);
88b8a527 662 return "$tnam: skipped, ECDH disabled\n"
bb4cc75b 663 if ($no_ec && $tnam =~ /ECDH/);
88b8a527 664 return "$tnam: skipped, EC2M disabled\n"
bb4cc75b 665 if ($no_ec2m && $tnam =~ /K-283/);
37f3a3b3 666 return "$tnam: skipped, DH disabled\n"
bb4cc75b
MC		 667 if ($no_dh && $tnam =~ /X9\.42/);
668 return "$tnam: skipped, RC2 disabled\n"
669 if ($no_rc2 && $tnam =~ /RC2/);
96bea000
MC		 670 return "$tnam: skipped, DES disabled\n"
671 if ($no_des && $tnam =~ /DES/);
83ae8124
MC		 672 return "$tnam: skipped, DSA disabled\n"
673 if ($no_dsa && $tnam =~ / DSA/);
bb4cc75b 674
88b8a527
RL		 675 return "";
676}
A mirror of the official openssl repository